On Thu, 31 Jul 2003, Manuel Bouyer wrote:

> On Wed, Jul 30, 2003 at 08:32:07PM -0700, Adam Bozanich wrote:
> >
> > Hi all.  Whenever I try to http://www.netbsd.org, ipfilter drops packets
> > with this:
> >
> You can tell by matching the @0:7 with the output of ipfstat -i -n

Thanks, it's the default drop.  Which makes me wonder... how the heck do I
let these in w/out a port number???

>
> >
> > For some reason I _ONLY_ have this problem with netbsd.org
> >
> > Am I just being paranoid by droping these? Why only netbsd.org giving
> > this to me?
>
> I don't know, but it looks more like something on the path is fragmenting the
> packets. www.netbsd.org itself shouldn't send fragmented TCP packets.
> What is your network setup ?
>

Nothing special, just a couple of boxes directly connected to the switch side
of a lynksys ADSL router.

This whole thing turned up another damm problem though... ipmon on the sparc64
isn't working.

The man page says to use facility local0, so I put this in /etc/syslog.conf:

local0.*	/var/log/ipfilter_log

Nothing.  I even tried catching it with *.*

I also tried it from the command line, no errors or anything, but no output
there either.

to be sure...

adam@ultra% ls -l /var/log/ipfilter_log
-rw-------  1 root  wheel  0 Jul 31 10:51 /var/log/ipfilter_log

I'm using the GENERIC kernel and I see that IPFILTER_LOG is turned on.

maybe somebody can tell me where I'm going wrong here?

I can give you the whole body of the packets if you want.

Or maybe somebody knows how to convert those 'foo.giv,v' files that are
avaliable via ftp into files I can use (I'm stuck on 'sitedrivenby.gif' on my
apache install) (from the 'htdocs' dir)

Sorry to lay a bunch of stuff on you all, just wherever I try to work-around,
I run into another dead-end.

Thanks

-Adam Bozanich